Hackers Stealing Data on iOS Via Major Security Flaw

Apple has reclaimed its crown as the world's most valuable brand, worth a staggering $247 billion, according to a new survey. ROBERT GALBRAITH / Reuters

Hackers are taking advantage of vulnerability in Apple's iOS mobile operating system to install malicious software disguised as popular apps such as Facebook, Twitter and WhatsApp to steal personal information.

The installation happens when a user clicks a link that may have been sent to them via email, text message or even a fake advertisement on a website, according to a new report by cybersecurity firm FireEye.

A fake and malicious app is installed that looks like the legitimate version on a user's device. And unlike the normal version of the app, the hacker's version can steal sensitive information and send it back to a remote server.

How can I protect my iCloud from getting hacked? 0:40

"It can look at the historical data that app might have saved depending on the type of app," Simon Mullis, global technical lead at FireEye, told CNBC.

"For a corporate user, it could be catastrophic if hackers get insight into internal negotiations and corporate crown jewels at risk."

WhatsApp, Twitter, Facebook, Facebook Messenger, WeChat, Google Chrome, Viber, Blackberry Messenger, Skype, Telegram, and VK are the apps being used for malicious purposes, according to FireEye.

Read More from CNBC: 5 Billion Android Apps Open to Hack

The hack could potentially be used on different mobile operating systems but so far FireEye has only seen it employed on iOS version 8.1.3 and before. This particular hack also works on iOS devices that haven't been modified to bypass certain restrictions imposed by Apple -- which were typically seen as safe from attack.

This attack was discovered from the 400GB worth of files leaked when an Italian company that sells surveillance technology to governments was hacked last month.

The data dump from Hacking Team is likely to lead to more severe attacks, according to FireEye, which many are not prepared for.

"It is a glimpse under the water to see the rest of the iceberg," Mullis said.

"You can be sure that not only are there major institutions currently breached and that don't know about it, but there are other groups using attacks against end users."